[wpkg-users] security issues
Tomasz Chmielewski
mangoo at wpkg.org
Tue Jun 5 11:00:39 CEST 2007
Marco Gaiarin schrieb:
> Mandi! Tomasz Chmielewski
> In chel di` si favelave...
>
>> Before we start we have to assume one thing: the whole "security" can't
>> be handled by wpkg.js itself, it has to be made by the WPKG
>> Client/Installer.
>
> Clearly can be better, but solutions proposed i think that can be used
> also with plain wpkg.js... they does not involve more server/client
> comunication then current one...
As in 99% cases wpkg.js sits on the remote server, it is by definition
insecure, isn't it?
Handling security by something which is hosted on a potentially not
secure machine isn't the best idea - you would never know if it's your
or attacker's wpkg.js.
>> On the other hand, probably there are some people using WPKG without a
>> domain; just in a workgroup, and it would be harder for them to add such
>> security feature.
>
> Exactly this. I Admit that i'm a bit lazy in my domain to use guest
> access to WPKG and %SOFTWARE% shares, but indeed a 'minimal'
> client/server authentication have to be implemented.
OK, but how? :)
--
Tomasz Chmielewski
http://wpkg.org
wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
More information about the wpkg-users
mailing list